Wednesday, May 20, 2015

In this post I will explain how to use custom security in ADF application without using ADF security.
When you develop ADF application and want to deploy it in Glassfish or tomcat using adf-essentials you will find a problem with ADF security, in this case you have to find a new way to apply the security in your ADF application. In this post I will explain how to use java filter to apply security in ADF application. User information and user privileges will stored in database and after user enter username and password you have to check if it is correct or not from database and store user information and user privileges in a variables in session scope.

Follow this steps to apply custom security in your ADF application:

1- Make new ADF application (e.g ADFCustomSecurity).
2- Go to ViewController project property and set JavaEE Application and JavaEE web context root to a short name like(welcome)

3- Make new java class implement javax.servlet.Filter, you can name this class (ApplicationFilter)

4- Make 4 pages:

* index.jsp

* index.jspx

* login.jspx

This page will use back bean to check username and password this back bean should be like this:

7- When you deploy this application in tomcat or glassfish you may need jar file for jstl you can add this jar file inside public_html\WEB-INF\lib (you can get this file from the uploaded application)

8- Your application structure should be like this:

9- Deploy the application in weblogic or glassfish or tomcat.

10- To access the application just write "http://serverIp:port/welcome" where welcome is the context root of the application. After you write this short URL the application filter will redirect it automatically to login page.

11- After successfully login you will navigate to the welcomePage.

Note: if you successfully login and you see the welcome page then if you close the browser tab (not close the fully browser window) then open new tab and write the application url "http://serverIp:port/welcome" it will automatically navigate to the welcome page because the browser still maintain the session

You can download this sample application from here this application developed using JDeveloper 11.1.2.4.0

In this post I will explain how you can configure Glassfish instance (server) with basic authentication. If you deploy any java application or ADF application or web service in the Glassfish instance the user who will use this application or web service will be prompted to enter username and password.

To do so follow this following steps:

1- Open Glassfish admin
console then go to:

Configurations --> Server-config -->
Security --> Realms --> file

2- Enter
"USERS" in Assign Groups

3- Press
in "Manage Users" button

4- Press
New to create new user and set Group List to "USERS"

5- In
your web application add this in web.xml6- In
your web application create file "sun-web.xml" in the same place of
web.xml and write this:

7- Now
deploy the web application (Java, ADF ,Web Service,...) to the Glassfish and
when you try to call the application you have to enter username / password